General Questions

Home/FAQ/General Questions

How to identify the effective privileges of a particular user?

Use the below SQL statement:

SELECT * FROM “PUBLIC”.”EFFECTIVE_PRIVILEGES” where USER_NAME = ‘RAGHUB’;

How to identify the current Analytic Privileges assigned to a particular user?

Use the below SQL statement:

SELECT * FROM “PUBLIC”.”EFFECTIVE_PRIVILEGES” where USER_NAME = ‘RAGHUB’ AND OBJECT_TYPE = ‘ANALYTICALPRIVILEGE’;

I am unable to view the details of other users using SQL statements. Do I need any special authorization?

You need a database user with either DATA ADMIN or CATALOG READ system privilege to query about other users. All users can query their own data, no special privileges required for the same.

When I’m assigning authorizations, getting the following error: “Could not modify user RAGHU_TR1’. Could not grant privilege ‘SELECT’ on ‘ACTIVE_OBJECT (_SYS_REPO)’. Can only grant privileges for objects in content schemas”

Instead of using the authorization management tab, grant the SQL privileges via SQL commands.

Examples (replace <user_name> by the name of the user or role that should receive the privilege):

grant SELECT on _SYS_BI.BIMC_CUBES to <user_name>;
grant SELECT on _SYS_BI.BIMC_DIMENSIONS to <user_name>;
grant SELECT on _SYS_BI.BIMC_PROPERTIES to <user_name>;
grant SELECT on _SYS_BI.BIMC_VARIABLE to <user_name>;
grant EXECUTE on SYS.REPOSITORY_REST to <user_name>;
grant EXECUTE on _SYS_REPO.GRANT_PRIVILEGE_ON_ACTIVATED_CONTENT to <user_name>;
grant EXECUTE on _SYS_REPO.GRANT_ACTIVATED_ANALYTICAL_PRIVILEGE to <user_name>;
grant SELECT on _SYS_REPO.OBJECT_HISTORY to <user_name>;
grant SELECT on _SYS_REPO.ACTIVE_OBJECT to <user_name>;
grant SELECT on _SYS_REPO.ACTIVE_OBJECTCROSSREF to <user_name>;

What is the basic difference between Regular user and a Restricted user?

Regular user can use HANA Studio & Web IDE to login to the HANA DB. Wherein, a restricted user can login only thru the Reporting tool/component.

How do I export SAP HANA DB Audit log?

By using a SAP HANA database table for the audit trail, it is possible to query and analyze auditing information quickly. Additionally, it provides a secure and tamper-proof storage facility.

However, the audit log growth will be huge and is dependent on the audit profiles are enabled. As a result, it is recommended to back up the audit logs periodically and truncate existing tables.

To back up the audit log to a temporary location, use the below SQL statement:

EXPORT “PUBLIC”.”AUDIT_LOG” INTO ‘/tmp/’

(or)

‘EXPORT “_SYS_AUDIT”.”CS_AUDIT_LOG_” INTO ‘/tmp/’

In case if you are experiencing an error that says the logs can’t be exported, perform the following activities:

CREATE COLUMN TABLE AUDIT_LOG_FOR_EXPORT AS (SELECT * FROM “PUBLIC”.”AUDIT_LOG”);

NOTE: Use should have AUDIT OPERATOR or AUDIT ADMIN system privilege perform this activity.

How to enable Audit Trails in a Tenant Database?

Audit logs in Tenant Databases can be enabled the same way, i.e., from Security  Audit tab. However, tenant database administrators cannot configure audit trail targets such as Syslog, or CSV since the underlying system properties are in the default configuration change blacklist (multidb.ini). The default target for all audit trails in tenant databases is internal database table.

How to clear or truncate Audit table?

Here is how you can truncate AUDIT_LOG table:

If the audit trail target is a database table, you can avoid the audit table growing indefinitely by deleting audit entries created up until a certain time and date. You can do this using the Security editor of the SAP HANA studio.

NOTE: It is recommended to archive the audit entries before proceeding with these steps. Also, you must have the system privilege AUDIT OPERATOR to perform this activity.

use the SQL command ALTER SYSTEM CLEAR AUDIT LOG ALL to completely clear the table contents.

Incase if you wish to remove the audit logs for a specific period, use the below:

ALTER SYSTEM CLEAR AUDIT LOG UNTIL ‘2022-01-15 23:59:59’;

If you wish to delete the audit logs from a specific audit policy, you may use the below syntax:

ALTER SYSTEM CLEAR AUDIT LOG FOR AUDIT POLICY “Policy Name” UNTIL ‘2021-06-15 23:59:59’;

Also, refer to the stored procedure created by Lars to simplify this activity and automate the process at:

https://answers.sap.com/questions/239823/cleanup-auditlog-table-data-older-than-30days.html

error: Content is protected !!